Microsoft has made Agent 365 generally available and detailed at least two dozen features of its much-touted “control plane,” including several upcoming features that haven’t previously been discussed.
In this report, I’ll detail five of those forthcoming new features that I found the most noteworthy; they span registry and policy updates, security, and governance.
To set the stage for these updates, here’s context on Agent 365 and its core value proposition: The company first announced Agent 365 last November, positioning Agent 365 as a platform to govern expanding agent installations through an agent registry, access controls, visualization technology, interoperability with third-party agents and platforms, and security through existing Microsoft platforms. An Agent 365 dashboard is a critical entry point to view all the agent data for an enterprise.
The current and forthcoming features, taken together, bring enterprise-level controls to AI agents. “The shift is clear: scaling agents requires the same operational rigor as any other enterprise system,” said Ray Smith, Microsoft Corporate Vice President, Agent 365, Product. The platform “provides a control plane to help teams observe, secure, and govern agents — including how they interact with data, tools, and enterprise resources.”
Registry and Policy Updates
Forthcoming Agent 365 features – now in preview – increase the syncing functionality of the Agent 365 Registry by extending it to third-party platforms. They also strengthen controls against using agents on a “shadow” basis, that is, AI without IT authorization and control.
Registry Sync
Agent 365 provides unified views to discover, inventory, and govern customers’ agents and platforms. Registry sync enables AI admins to consent to, and connect, partner agent platforms to Agent 365, bringing external agents and their metadata into the registry for a comprehensive view. Customers can take agent-level governance actions directly from the Agent 365 registry, starting with agent deletion, if the partner’s platform supports that capability. The initial preview includes connections to AWS — specifically Amazon Bedrock — and Google Cloud, with additional partner platforms planned for future releases.
Shadow AI Detection and Blocking
Local agents installed on company devices without IT visibility and controls can read files, execute code, and act on a user’s behalf, enabling access to sensitive data. Therefore they can introduce significant risk.
The forthcoming Shadow AI page in Agent 365, enabled by Microsoft Defender and Microsoft Intune, helps identify agent activity on Windows devices and apply endpoint controls. Initial support includes the OpenClaw autonomous AI agent, with plans to expand to additional widely used agents over time.
The Shadow AI page also gives admins a centralized view of local agent usage and can take action to limit unsanctioned execution paths, helping reduce risk while supporting approved tools. Microsoft said coverage will extend over time beyond OpenClaw to include GitHub Copilot CLI, Claude Code, and more.
The new Shadow AI page of Agent 365, where Intune policies are being applied
Security Updates
Agent Threat Hunting and Investigation
Security teams can tap observability logs in Agent 365 for Advanced Threat Hunting to proactively search for vulnerabilities and potential exposures in their organization’s agentic environment. Security teams can identify risky configurations, for example, such as agents with Model Context Protocol (MCP) tools. Such permissions allow MCP tools to operate as “makers,” potentially leading to privilege escalation and exposure. Security teams can use advanced hunting to run queries that generate a list of agents that could introduce risks, then collaborate across teams to remediate so those risks don’t escalate into more serious security incidents.
Agent Security Posture Management
Microsoft Defender provides agent security posture management for Agent 365 by assessing the security posture of Foundry and Copilot Studio agents, identifying vulnerabilities and surfacing prioritized security recommendations, risk context, and attack path analysis. This enables teams to focus remediation where risk is highest and thereby reduce exposure proactively.
Threat Detection and Blocking
Protecting IT resources against the fast-developing AI threat landscape, Microsoft Defender enables security teams to detect and investigate agent threats at runtime. If an agent abuses its permissions to access an email MCP server, for example, Microsoft Defender can block invocation of the server. In so doing, it reduces the incident’s impact and triggers alerts in the Defender portal for investigation and response.
Governance
In addition to forthcoming features detailed above, Microsoft also filled in additional details of lifecycle/governance features in the initial release. Details on two of those below:
Agent-Level Lifecycle and Governance
AI admins can install, publish, block, unblock, delete, and assign new owners for agents – all directly from the Agent 365 registry. Centralized lifecycle and governance actions remove friction, reduce delays, and enable fast response as agents are created and shared.
Admin Approval and Publication Flow
Agent approval and publication flow gives admins a centralized control point to review agents before they reach users. Each requested agent’s capabilities can be assessed in terms of data access, permissions, and security compliance in the Agent 365 registry, then an admin can choose to publish or reject an agent within a single workflow. This combats agent sprawl, reduces over‑privileged access, and ensures agents are onboarded with the right governance across Copilot Studio, Microsoft Foundry, and an expanding set agent platforms.
Conclusion
With its new and forthcoming Agent 365 features, Microsoft is equipping customers with the enterprise-grade controls they need to manage AI like any other business or IT asset, underscoring the maturation of AI and agent management. The increased level of interoperability with other AI agent platforms serves as another acknowledgment that the typical IT estate will have agents from Microsoft, third parties, and in-house agents. Bringing unified governance to that mix will give leaders confidence that AI can continue to progress as a robust technology that injects automation into core business processes.
Related Agent 365 Analysis:
Community Summit North America is the largest independent innovation, education, and training event for Microsoft business applications delivered by Expert Users, Microsoft Leaders, MVPs, and Partners. Register now to attend Community Summit in Nashville, TN from October 11-15.
